Description

Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full document ID and corresponding URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Classification

CVE ID: CVE-2024-51210

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.81% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://medium.com/@adityaahuja.work/accessing-full-history-of-firepad-users-ddc889e73936
https://firebase.blog/posts/2013/04/announcing-firepad-our-open-source/
https://github.com/FirebaseExtended/firepad/releases/tag/v1.5.11

Timeline